Since the dawn of the Web and ubiquitous free e-mail services over the past two decades, the need to secure personal information online has been evident but often ignored. Last month’s exposure of the U.S. National Security Agency’s PRISM program for collecting data on individuals suspected of plotting terrorist attacks, spying or other forms of malfeasance (pdf) has helped bring privacy issues back into the spotlight. In fact, the news about PRISM even encouraged some prominent Internet pioneers to condemn the practice and call for renewed efforts among Internet users and their service providers to encrypt more data, to protect it from prying eyes.

Vint Cerf, Google’s chief Internet evangelist and co-developer of the TCP/IP communications protocol that makes the Internet tick, recently told The Times of London that computer scientists should devise an anti-snooping solution for the Web using encrypted communication. Cerf encouraged developers to reexamine how some of the Internet’s core security features—in particular Internet Protocol Security (IPsec)—were designed to enable end-to-end cryptography.

Unfortunately, cryptography’s ability to thwart online surveillance or theft comes with a number of caveats and qualifications. Cerf’s comments highlight a key difficulty in using encryption to protect data as it traverses the Internet and comes to rest on a computer or storage drive. Given the diversity of the digital terrain, data is rarely encrypted from start to finish. Even when data is encrypted in transit from one computer to another in a network, it often must be decrypted at each point and reencrypted when handed off to the next computer. If any of these way stations—whether a PC, a Web server or a piece of networking equipment—is not well protected, unencrypted data is left vulnerable to prying eyes.

Data at rest
There are several programs available for encrypting data once it is stored on an end point like a PC or laptop—including Microsoft BitLocker, Apple FileVault, PGPdisk and TrueCrypt. These programs typically create an encrypted volume on the hard drive or encrypt the entire hard drive using a key derived from a password that you type in as part of the start-up process.

The catch is that users have to actively set up these programs. They don’t run by default, and many people don’t even know these programs exist.

In motion
Data in transit within the network can be encrypted using a number of different approaches, says cryptographer Paul Kocher, president and chief scientist of Cryptography Research, a designer of data, computer and network security systems. A widely used example is a password-protected wi-fi network, where the password is essentially used as an encryption key or to derive encryption keys so that data going from your machine back to the router is only accessible to people who know that password. Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME) are a couple of other common encryption technologies but are limited primarily to e-mail transactions.

Secure Sockets Layer (SSL) protocol offers a broader example of how data can be encrypted in transit. Kocher helped develop SSL, a cryptographic protocol used to encode communications over TCP/IP networks, for Netscape as a means to transmit private documents via the Internet in the mid-1990s. SSL uses a cryptographic system with two keys—a public key to encrypt the data and a private key, known only to a message’s recipient, to decipher it.

If used properly, SSL encrypts a user’s data from their Web browser to the Web server. The browser can use SSL, for example, to authenticate that your computer is communicating with an actual Web site as opposed to an imposter set up to steal data or spread malware. (Note that URLs requiring an SSL connection start with “https” instead of “http”.)

Sneak attack
The primary limitation of protocols like SSL is that the security depends on the machines on each end. If either of those devices has been infected with a virus or some other malware, decryption keys on that machine can be stolen, leaving data in transit vulnerable to theft or tampering. Given that encryption algorithms themselves tend to be very strong, it is more likely that a thief or eavesdropper will enter through something akin to a side door rather than try to break that algorithm and decrypt the data, Kocher says. “The end points are inevitably weaker than the mathematics of the algorithms.”

Another threat to SSL comes in the form of so-called “man in the middle” attacks, in which the attacker intercepts messages and then retransmits them. This is done in such a way that the two original parties still appear to be communicating with each other. Pop-up warnings normally caution users when this might be happening, but users often dismiss such warnings without realizing the consequences, Kocher says. (One such warning informs Web surfers: “This Connection Is Untrusted,” and offers the options “Get me out of here!” to terminate the connection or “I Understand the Risks” to proceed.)

Most e-mail programs support SSL encryption as messages are sent from the user’s machine to their ISPs. As messages move through the core of the Internet, they are usually unencrypted, however. “Unless somebody is doing something intentionally to put encryption on the messages, the messages are decrypted at each hop along the way and are visible there,” Kocher says.

Decidedly unsocial
Encryption used in other forms of online messaging—social networks, in particular—is also hit or miss. For the most part, when you have one of these server-based cloud services where the cloud has the ability to access all of the data, all of your security depends on the machines that are hosting your information, Kocher says.

In a statement issued after NSA whistleblower Edward Snowden blew the lid off of his former employer’s PRISM program, Apple claimed conversations taking place over its iMessage and FaceTime services “are protected by end-to-end encryption so no one but the sender and receiver can see or read them.” The company further said that it “cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form.”

Apple’s claim of end-to-end encryption means anyone trying to compromise communications via its services must compromise an end point to capture them. But that isn’t necessarily hard to do, especially for an intelligence agency or an experienced attacker, Kocher says. “It means [they] have to target a particular end point as opposed to turning the vacuum cleaner on and sucking up [every message] automatically.”

Skype used to claim to have endpoint-to-endpoint encryption. “From some evaluations I’m aware of, that actually seemed to be the case in the past,” Kocher says. More recently, however, Microsoft (which bought Skype in 2011) has modified the protocols so that data is decrypted at the server and then reencrypted before being sent out to the other end of the communication. “So it appears that they’ve actually gone from a stronger model to one that is weaker and more susceptible to surveillance,” he adds. Recent reports indicate that Microsoft actually helped the U.S. government circumvent the company’s own encryption, granting the federal agencies access to Skype video calls as well as Outlook Web chats and e-mail, and information stored via Microsoft's cloud-based SkyDrive online backup and storage software.

If more people used encryption, it would be more difficult—not impossible—for cyber thieves and government agencies to eavesdrop. Still, even if people do a better job of protecting their e-mail communications and data stored on their devices, they need to likewise monitor their use of social networks and other Web sites visible to the general public. Who needs a court order or computer virus when so much information if offered up willingly via sites such as Facebook and Twitter?

Scientific American is part of Springer Nature, which owns or has commercial relations with thousands of scientific publications (many of them can be found at www.springernature.com/us). Scientific American maintains a strict policy of editorial independence in reporting developments in science to our readers.